RustyMalware is a collection of Rust-based malware development techniques and snippets designed to support red teaming, offensive security research, and adversary simulation. This repository showcases how Rust can be leveraged to create stealthy, efficient, and evasive malware. This project was largely inspired by MalDevAcademy training, so be sure to check them out!
Please note that RustyMalware is a work in progress and more features will be added.
- APC Injection - Misusing Windows Asynchronous Procedure Calls (APCs) to inject malicious shellcode into a process.
- Callback Execution - Exploiting Windows callback functions to execute arbitrary code via function pointers.
- Process Enumeration - Enumerating Windows processes to identify targets for injecting shellcode.
- Thread Hijacking - Hijacking Windows threads to execute arbitrary code.
- Function Stomping - Overwriting module functions in local or remote processes to execute arbitrary shellcode.
- Execution Control - Controlling payload execution and access to shared resources using events, mutexes, and semaphores.
- PPID Spoofing - Spoofing the PPID (Parent Process ID) of injected processes to reduce indicators of compromise (IoCs).
- IAT Obfuscation - Obfuscating the Import Address Table (IAT) to hide usage of suspicious Windows APIs.
- Keylogging
- Shellcode injection via Direct/Indirect Syscalls
- IAT Obfuscation
- API Hashing
Code can be compiled via `cargo build --release`.
This project is licensed under the MIT License.